Context
WASI has no direct access to the host. Plugins need capabilities in order to fulfill the requirements below.
Description
A plugin needs a way to be able to:
- mount dirs
- mount files
- access the host env
- access std
- access args passed to the parent process
This can be achieved by adding capabilities in the module starlark declaration.
e.g.:
module(
    name = "hetzner",
    version = "v0.1.0",
    # capabilities represents the set of capabilities that the plugin gains.
    # All capabilities in starlark map to the capabilities of WASI and are described here:
    # https://docs.rs/wasmtime-wasi/latest/wasmtime_wasi/struct.WasiCtxBuilder.html#
    capabilities = capabilities(
        inherits = [
            # inherit process args from the host
            INHERIT_ARGS,
            # inherit process stdio from the host
            INHERIT_STDIO,
            # inherit process stdout from the host
            INHERIT_STDOUT,
            # inherit process environment from the host
            INHERIT_ENV,
        ],
        # mounts is a list of mounts that the plugin can use
        # this gives the WASI module access to the host filesystem
        mounts = [
            # mount docker socket as file inside wasi
            # add file permissions to read and write
            mount(
                host_path = "/var/run/docker.sock",
                guest_path = "/var/run/docker.sock",
                read = True,
                write = True,
                permissions_type = FILE_TYPE_PERMISSIONS,
            ),
            # mount directory inside wasi
            # add directory permissions to read and mutate
            mount(
                host_path = "/var/lib/hetzner",
                guest_path = "/mnt/hetzner",
                read = True,
                mutate = True,
                permissions_type = DIR_TYPE_PERMISSIONS,
            ),
        ],
    ),
)
Acceptance Criteria
The above is read from the starlark config and passed to the WASI plugin when it is loaded.
TBD?
/triage /assign /label enhancement
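One way to resolve such a declaration into a deny-by-default grant set before it is handed to the WASI context builder, as an added example that is not the project's code. The names `Inherit`, `Mount`, `Grants` and `resolve` are hypothetical, `write` stands in for both `write` and `mutate`, and INHERIT_STDIO is assumed to cover stdin, stdout and stderr, as wasmtime's `inherit_stdio` does.

```rust
// Added example, std only. Type and function names are hypothetical.
#[derive(Clone, Copy)]
pub enum Inherit { Args, Env, Stdio, Stdout }

// `write` stands for `write` on a file mount and `mutate` on a directory mount.
pub struct Mount<'a> { pub host: &'a str, pub guest: &'a str, pub read: bool, pub write: bool }

// Effective grants; Default is "nothing", so an empty declaration grants nothing.
#[derive(Debug, Default, PartialEq)]
pub struct Grants {
    pub args: bool, pub env: bool, pub stdin: bool, pub stdout: bool, pub stderr: bool,
    pub preopens: Vec<(String, String, bool)>, // (host, guest, writable)
}

pub fn resolve(inherits: &[Inherit], mounts: &[Mount]) -> Result<Grants, String> {
    let mut g = Grants::default();
    for i in inherits {
        match i {
            Inherit::Args => g.args = true,
            Inherit::Env => g.env = true,
            Inherit::Stdout => g.stdout = true,
            // Assumption: STDIO means all three streams, so STDOUT next to it is redundant.
            Inherit::Stdio => { g.stdin = true; g.stdout = true; g.stderr = true; }
        }
    }
    for m in mounts {
        for p in &[m.host, m.guest] {
            if !p.starts_with('/') || p.split('/').any(|c| c == "..") {
                return Err(format!("mount path must be absolute without '..': {}", p));
            }
        }
        if !m.read && !m.write {
            return Err(format!("mount {} grants no access", m.host));
        }
        if g.preopens.iter().any(|(_, guest, _)| guest.as_str() == m.guest) {
            return Err(format!("guest path {} mounted twice", m.guest));
        }
        g.preopens.push((m.host.to_string(), m.guest.to_string(), m.write));
    }
    Ok(g)
}

fn main() {
    // Constructed input: the declaration from the issue.
    let mounts = [
        Mount { host: "/var/run/docker.sock", guest: "/var/run/docker.sock", read: true, write: true },
        Mount { host: "/var/lib/hetzner", guest: "/mnt/hetzner", read: true, write: true },
    ];
    println!("{:?}", resolve(&[Inherit::Args, Inherit::Stdio, Inherit::Stdout, Inherit::Env], &mounts));
}
```

Rejecting the whole declaration on a bad mount, rather than skipping the entry, keeps a plugin from loading with a different grant set than its author declared.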